How I to save data in mysql

Question

1.00/5 (1 vote)

See more:

Hey guys I have 2 problems first is date picker how to format it so it will save to the table Y-mm-dd not mm-dd-y and second one is i have this form and it is not saving to the table 'events' it is behaving like it is but i Don't see any data

What I have tried:

here is my html

<main class="content-wrapper">
        <div class="wrapper">
        <section class="form signup">
        <header>Create Event</header>
        <form>
        <div class="field input">
            <label>Event Name</label>
            <input type="text" name="eventname" placeholder="Event Name" required>
          </div>
          <div class="field input">
          <label>End Date and Time (date and time)</label>
          <input type="datetime-local" name="startdate"  required>
          </div>
          <div class="field input">
            <label>End Date and Time (date and time)</label>
            <input type="datetime-local" name="enddate"  required>
          </div>
          <div class="field input">
        <label>Descrption</label>
        <textarea id="desc" name="descrption" rows="4" cols="50">
        </textarea>
        </div>
          <div class="form-group">
  <label class="label_txt">Staus </label>
  <select type="text" class="form-control" name="status"  required>
  <option value="1">Active</option>
  <option value="0">Inactive</option>
  
  </main>
</select>
          <div class="field button">
          <input type="submit" name="createe" value="Create">
        </div>
  </form>
  </section>
</div>
</div>

here is my PHP

if (isset($_POST['createe'])){

    $eventname=$_POST['eventname'];
    $startdate=$_POST['startdate'];
    $enddate=$_POST['enddate'];
    $desc=$_POST['descrption'];
    $status=$_POST['status'];
    $date=date('Y-m-d');

    $sql = "INSERT INTO `events`(`id`, `title`, `description`, `start_date`, `end_date`, `created`, `status`, `username`) VALUES
    ('','$eventname','$desc','$startdate','$enddate','$date','$status','$username')" ; 
     $query= mysqli_query($dbc,$sql);
   
}
    }
    ?>

and above that PHP i have one more php for $username

Posted 12-Jan-22 12:10pm

Member 13084733

Updated 12-Jan-22 14:54pm

v2

Add a Solution

Comments

Richard Deeming 13-Jan-22 7:17am

Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation/interpolation to build a SQL query. ALWAYS use a parameterized query.
PHP: SQL Injection - Manual[^]
PHP: Prepared statements and stored procedures - Manual[^]

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Luc Pattyn · Accepted Answer · 2022-01-12T14:54:00

Hi,

1)
your HTML FORM tag is incomplete, it is lacking action and method parameters.
See e.g. HTML form tag[^]

Without them, clicking your submit button will do nothing at all.
From your PHP code, it seems the method you want is 'post'.

2)
databases don't care about formatting data, their purpose is storing data and nothing else. I hope you do store datetime info in the appropriate field type, which is NOT string. Specialized types (such as numeric and datetime) exist so the database can offer you appropriate comparisons, sorting, etc.

Formatting how data is shown to the users will later be the task of the code of the viewer.

3)
CopyPasteGriff will soon add some boilerplate warning about SQL Injection Attacks...

:)